Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1622 matches found

NVD
NVDadded 2022/06/10 12:15 a.m.21 views

CVE-2022-31043

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

7.5CVSS0.01454EPSS
Exploits0References5
UbuntuCve
UbuntuCveadded 2022/06/10 12:15 a.m.46 views

CVE-2022-31043

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

7.5CVSS7.1AI score0.01454EPSS
Exploits0References5
UbuntuCve
UbuntuCveadded 2022/06/10 12:15 a.m.39 views

CVE-2022-31042

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

7.5CVSS7AI score0.01454EPSS
Exploits0References5
Prion
Prionadded 2022/06/10 12:15 a.m.29 views

Open redirect

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

5CVSS7.6AI score0.01454EPSS
Exploits0References5Affected Software3
Tenable Nessus
Tenable Nessusadded 2022/06/10 12:0 a.m.46 views

Amazon Linux AMI : python27 (ALAS-2022-1593)

The version of python27 installed on the remote host is prior to 2.7.18-2.142. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1593 advisory. In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-2761...

9.8CVSS7.2AI score0.01214EPSS
Exploits4References13
Debian CVE
Debian CVEadded 2022/06/09 12:0 a.m.42 views

CVE-2022-31042

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

7.5CVSS7.6AI score0.01454EPSS
Exploits0
Cvelist
Cvelistadded 2022/06/09 12:0 a.m.37 views

CVE-2022-31042 Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

7.5CVSS7.8AI score0.01454EPSS
Exploits0References5
Cvelist
Cvelistadded 2022/06/09 12:0 a.m.29 views

CVE-2022-31043 Fix failure to strip Authorization header on HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

7.5CVSS7.7AI score0.01454EPSS
Exploits0References5
CVE
CVEadded 2022/06/09 12:0 a.m.122 views

CVE-2022-31043

CVE-2022-31043 affects the PHP HTTP client Guzzle . The vulnerability arises when a request uses HTTPS and the server redirects to an HTTP URI, causing the Authorization header to be forwarded when it should be stripped. Prior fixes removed the header for host changes but not for scheme changes, ...

7.5CVSS7.5AI score0.01454EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2022/06/09 12:0 a.m.24 views

CVE-2022-31043 Fix failure to strip Authorization header on HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

7.5CVSS7.4AI score0.01454EPSS
Exploits0References7
Debian CVE
Debian CVEadded 2022/06/09 12:0 a.m.40 views

CVE-2022-31043

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

7.5CVSS7.5AI score0.01454EPSS
Exploits0
0day.today
0day.todayadded 2022/06/09 12:0 a.m.685 views

Atlassian Confluence Namespace OGNL Injection Exploit

This Metasploit module exploits an OGNL injection in Atlassian Confluence servers. A specially crafted URI can be used to evaluate an OGNL expression resulting in OS command execution. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS0.4AI score0.9444EPSS
Exploits115
CVE
CVEadded 2022/06/09 12:0 a.m.129 views

CVE-2022-31042

Guzzle CVE-2022-31042 affects the handling of Cookie headers during redirects (https→http or host changes). The issue was fixed by stripping cookies on redirects and re-adding only safe cookies via the cookie middleware. Affected versions require upgrades: Guzzle 7 should move to 7.4.4 or later, ...

7.5CVSS7.6AI score0.01454EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2022/06/09 12:0 a.m.25 views

CVE-2022-31042 Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

7.5CVSS7.4AI score0.01454EPSS
Exploits0References7
Metasploit
Metasploitadded 2022/06/08 5:43 p.m.258 views

Atlassian Confluence Namespace OGNL Injection

This module exploits an OGNL injection in Atlassian Confluence servers. A specially crafted URI can be used to evaluate an OGNL expression resulting in OS command execution. Module Options msf use exploit/multi/http/atlassianconfluencenamespaceognlinjection msf...

9.8CVSS9.5AI score0.94408EPSS
Exploits75
CNVD
CNVDadded 2022/05/27 12:0 a.m.28 views

Guzzle Information Disclosure Vulnerability

Guzzle is a PHP HTTP client for guzzle individual developers that makes it easy to send HTTP requests and easily integrate with web services. An information disclosure vulnerability exists in Guzzle versions prior to 7.4.3, and prior to 6.5.6, which stems from a vulnerability that allows a...

8.1CVSS6.2AI score0.00637EPSS
Exploits0References1
NVD
NVDadded 2022/05/25 6:15 p.m.21 views

CVE-2022-29248

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

8.1CVSS0.00637EPSS
Exploits0References5
Prion
Prionadded 2022/05/25 6:15 p.m.27 views

Design/Logic Flaw

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

5.8CVSS7.9AI score0.00637EPSS
Exploits0References5Affected Software3
UbuntuCve
UbuntuCveadded 2022/05/25 6:15 p.m.52 views

CVE-2022-29248

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

8.1CVSS7.1AI score0.00637EPSS
Exploits0References5
Debian CVE
Debian CVEadded 2022/05/25 12:0 a.m.50 views

CVE-2022-29248

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

8.1CVSS8.1AI score0.00637EPSS
Exploits0
Rows per page
Query Builder